Network Policy

Kubernetes Network Policies are API objects that control which pods can communicate with each other and with external endpoints using label selectors. By default, Kubernetes allows all pod-to-pod communication; applying a default-deny NetworkPolicy and explicitly allowing only required traffic implements micro-segmentation.

Network policies require a compatible CNI plugin (Calico, Cilium, or others) to be enforced — they are defined in the API but have no effect without a policy-capable CNI.